Bug #14516

closed

With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings

Added by Jonathan Lee over 2 years ago. Updated about 2 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: DHCP (IPv4)
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

Hello fellow pfSense Redmine community members,

I was researching just random items with MAC addresses and IP mappings. I have found a random bug here with my AP unit. I have three MAC addresses, being the RJ-45 connection, the Wi-Fi 2.4GHz, and the Wi-Fi 5GHz. For researching, I have added all the MAC addresses into the firewall as static entries, as some are on the Wi-Fi 5GHz and others the 2.4GHz, and the firewall is using the RJ-45. Keep in mind the firewall issues DHCP addresses; the AP unit is in bridge mode and relays everything to the firewall. I have noticed a weird issue with the ARP table of the firewall: it lists the wrong hostname that is mapped to that MAC address.

It is a mapping mix-up in the logs here with the multiple entries. Should the system allow this?

My concern is that it did not map to the correct hostname here. I do understand it only needs the RJ-45 on the firewall mapped; however, if the AP is in bridge mode and the firewall is set to only allow known devices with static assignments, does this cause a concern?

Ref:
https://forum.netgate.com/topic/181077/ap-unit-has-multiple-mac-hardware-layer-2-addresses/


Files

  • Screenshot 2023-06-27 at 3.41.20 PM.png (518 KB): MAC-IP pair hostname mix-up in ARP table. Jonathan Lee, 06/27/2023 10:54 PM
  • Screenshot 2023-06-27 at 12.10.28 PM.png (1.86 MB): AP unit has multiple hardware addresses. Jonathan Lee, 06/27/2023 10:55 PM
  • Screenshot 2023-06-27 at 9.51.52 PM.png (1.07 MB): arp -a run from host device showing correct hostname mapping during testing when mix-up at firewall occurred. Jonathan Lee, 06/29/2023 03:19 AM

Actions #1

Updated by Jonathan Lee over 2 years ago

Should DHCP allow multiple entries? Leading to: if it does, why did it not map to the correct hostname in the ARP table on the firewall?

Here is my iMac `arp -a` showing it is mapped to the same MAC address. Keep in mind this AP has built-in NAS software, as it is an AirPort Extreme with Time Machine.

Actions #2

Updated by Jonathan Lee over 2 years ago

Why does the GUI allow it? Leading to: it does allow it, so why does it map to the wrong hostnames?

Actions #3

Updated by Jonathan Lee over 2 years ago

Because of the hostname mix-up seen here, can we please use a Java "map" object and/or Python's "dictionary" equivalent to store the static MAC-IP mappings? I am confused as to why it would mix up the hostnames here. If this was used, it could check for duplicate MAC addresses or duplicate IP addresses.

Actions #4

Updated by Jonathan Lee over 2 years ago

Yes, we can agree the user can configure it wrong all over. Again, an administrator might fat-finger a large static DHCP list with a couple of entries, thus causing hostname mix-ups. That for one would be very hard to pinpoint. Moreover, we know the amount of hours system administrators work. It's a lot of hours. This would make pfSense have an ease-of-use software functionality built in. I assumed that if pfSense allowed multiple duplicate entries, it was done for a situation when two devices need to be swapped in and out and need the same IP address; in this mindset pfSense should still log the correct hostnames. Again, if that was the reason for pfSense allowing the GUI duplicate entries.

Weird thing to research, but the hostname mix-up was what I was after, and/or why pfSense would allow the duplicate entries in the first place. Let's agree admins have monster static DHCP lists that are updated and changed all the time within a secure setting. This situation would want controls in place for hostnames. Finally, logs for the hostnames could get bonkered up, and with a monster list that would be hard to track down why hostnames are wrong. We know pfSense now has experimental layer 2 Ethernet filtering.

Actions #5

Updated by Marcos M about 2 years ago

  • Status changed from New to Not a Bug
  • Affected Version deleted (All)
  • Affected Architecture deleted (SG-2100)

The ARP page does a DNS lookup to show the hostname. Since the same IP address is used for multiple hostnames, the result of a reverse lookup can change.
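
An added example, not part of the ticket and not pfSense's own code: the dictionary-based duplicate check asked for in update #3, which also lists the IP addresses where the reverse lookup described in update #5 has more than one hostname to choose from. It assumes static mappings are stored as `staticmap` elements with `mac`, `ipaddr` and `hostname` children under `dhcpd/<interface>` in the exported configuration; the sample config, addresses and hostnames are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample; element layout is an assumption about the exported config.
SAMPLE_CONFIG = """
<pfsense>
  <dhcpd>
    <lan>
      <staticmap><mac>00:11:22:33:44:01</mac><ipaddr>192.168.1.2</ipaddr><hostname>ap-ethernet</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:02</mac><ipaddr>192.168.1.2</ipaddr><hostname>ap-wifi24</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:03</mac><ipaddr>192.168.1.2</ipaddr><hostname>ap-wifi5</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:10</mac><ipaddr>192.168.1.20</ipaddr><hostname>imac</hostname></staticmap>
      <staticmap><mac>00-11-22-33-44-10</mac><ipaddr>192.168.1.21</ipaddr><hostname>imac-old</hostname></staticmap>
    </lan>
  </dhcpd>
</pfsense>
"""

def normalize_mac(mac):
    """Lower-case and strip separators so 00-11.. and 00:11.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_static_maps(config_xml):
    """Return (ip_conflicts, mac_conflicts), keyed per interface.
    ip_conflicts:  {(iface, ip): [hostnames]} for IPs with several mappings.
    mac_conflicts: {(iface, mac): [ips]} for MACs with several mappings."""
    by_ip, by_mac = defaultdict(list), defaultdict(list)
    root = ET.fromstring(config_xml)
    for iface in root.findall("./dhcpd/*"):
        for entry in iface.findall("staticmap"):
            ip = (entry.findtext("ipaddr") or "").strip()
            mac = normalize_mac(entry.findtext("mac") or "")
            host = (entry.findtext("hostname") or "").strip()
            if ip:  # mappings without a fixed address cannot collide on IP
                by_ip[(iface.tag, ip)].append(host)
            by_mac[(iface.tag, mac)].append(ip)
    ip_conflicts = {k: v for k, v in by_ip.items() if len(v) > 1}
    mac_conflicts = {k: v for k, v in by_mac.items() if len(v) > 1}
    return ip_conflicts, mac_conflicts

if __name__ == "__main__":
    ips, macs = audit_static_maps(SAMPLE_CONFIG)
    for (iface, ip), hosts in ips.items():
        print(f"{iface}: {ip} has {len(hosts)} hostnames, reverse lookup is ambiguous: {hosts}")
    for (iface, mac), addrs in macs.items():
        print(f"{iface}: {mac} is mapped more than once: {addrs}")
```
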
